How to use nested count in terraform for creating VPN endpoint routes?

I want to create an AWS Client VPN endpoint using Terraform.

My current code block is:

resource "aws_ec2_client_vpn_route" "vpn_route" {
  depends_on = [
    aws_ec2_client_vpn_network_association.vpn_subnets
  ]
  # One route per CIDR in var.rule
  count                  = length(var.rule)
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
  destination_cidr_block = element(var.rule, count.index)
  # element() wraps around, so each CIDR gets exactly one subnet
  target_vpc_subnet_id   = element(var.subnets_id, count.index)
}

Here the rule and subnets_id variables are as follows:

rule        = ["172.16.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]
subnets_id  = ["subnet-123", "subnet-456"]

I want to associate each rule CIDR with both subnets. But my current code only associates 1 subnet with 1 CIDR. I don't know how to solve it.

Update:

I modified my code according to the answer, but I get the following error.

Error: error creating client VPN route "cvpn-endpoint-0e72bbde5,subnet-0fefd,172.19.0.0/16": ConcurrentMutationLimitExceeded: Cannot initiate another change for this endpoint at this time. Please try again later.
│       status code: 400, request id: 2663f630-54a1-4a22-a093-d04425204cf5
│
│   with module.VPN-Endpoint.aws_ec2_client_vpn_route.vpn_route["5"],
│   on modules\VPN-Endpoint\rule_route.tf line 14, in resource "aws_ec2_client_vpn_route" "vpn_route":
│   14: resource "aws_ec2_client_vpn_route" "vpn_route" {

I guess it is because each route has to be created one by one. So I modified my code by adding a time sleep, as follows:

# Single delay before the routes are created
resource "time_sleep" "wait_30_seconds" {
  create_duration = "30s"
}

resource "aws_ec2_client_vpn_route" "vpn_route" {
  depends_on = [
    aws_ec2_client_vpn_network_association.vpn_subnets,
    time_sleep.wait_30_seconds
  ]
  # One route for every (CIDR, subnet) pair, keyed by its position
  for_each               = { for index, pair in setproduct(var.rule, var.subnets_id) : index => pair }
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
  destination_cidr_block = each.value[0]
  target_vpc_subnet_id   = each.value[1]
}

But it still doesn't work. Is there any workaround?

You can do this by using setproduct on the elements of the two lists. This function computes the Cartesian product.

resource "aws_ec2_client_vpn_route" "vpn_route" {
  depends_on = [
    aws_ec2_client_vpn_network_association.vpn_subnets
  ]
  # setproduct() yields every (CIDR, subnet) pair; key each by its index
  for_each               = { for index, pair in setproduct(var.rule, var.subnets_id) : index => pair }
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
  destination_cidr_block = each.value[0]
  target_vpc_subnet_id   = each.value[1]
}
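The following is an added example that is not code from the question or the answer above. It keeps the variable names `rule` and `subnets_id` and the resource names `vpn`, `vpn_subnets` and `vpn_route` from the thread and assumes the `aws_ec2_client_vpn_endpoint.vpn` and `aws_ec2_client_vpn_network_association.vpn_subnets` resources from the question already exist in the same module; the validation block, the `locals` map and the key format are assumptions made here. It shows the same `setproduct` approach, but keyed by the (CIDR, subnet) pair itself rather than by its position, and rejects malformed CIDRs at plan time:

```hcl
# Added example; the endpoint and network association resources referenced
# below are assumed to be defined elsewhere in the module, as in the question.

variable "rule" {
  description = "Destination CIDRs to route through the Client VPN endpoint"
  type        = list(string)
  default     = ["172.16.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]

  validation {
    # Fail at plan time instead of at the CreateClientVpnRoute API call
    condition     = alltrue([for c in var.rule : can(cidrhost(c, 0))])
    error_message = "Every entry in rule must be a valid IPv4 CIDR block."
  }
}

variable "subnets_id" {
  description = "Subnets already associated with the endpoint"
  type        = list(string)
  default     = ["subnet-123", "subnet-456"]
}

locals {
  # One map entry per (CIDR, subnet) pair. The key is the pair itself, not
  # its index in setproduct(): removing "172.18.0.0/16" later then deletes
  # only its two routes, instead of shifting every later index and forcing
  # Terraform to destroy and recreate routes that did not change.
  vpn_routes = {
    for pair in setproduct(var.rule, var.subnets_id) :
    "${pair[0]}|${pair[1]}" => {
      cidr      = pair[0]
      subnet_id = pair[1]
    }
  }
}

resource "aws_ec2_client_vpn_route" "vpn_route" {
  for_each = local.vpn_routes

  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
  destination_cidr_block = each.value.cidr
  target_vpc_subnet_id   = each.value.subnet_id

  # Routes can only target subnets that are already associated
  depends_on = [aws_ec2_client_vpn_network_association.vpn_subnets]
}

# Handy for checking the six expected keys with `terraform console`
output "vpn_route_keys" {
  value = sort(keys(local.vpn_routes))
}
```

With the three CIDRs and two subnets from the question this produces six route addresses such as `aws_ec2_client_vpn_route.vpn_route["172.16.0.0/16|subnet-123"]`. The `ConcurrentMutationLimitExceeded` error in the update is a separate problem: a Client VPN endpoint accepts only one change at a time, while Terraform creates independent resources concurrently, and a single `time_sleep` that every route depends on only delays when that concurrent burst starts. Running `terraform apply -parallelism=1` makes Terraform create the routes one after another. Note also that a route only makes a CIDR reachable over the tunnel; clients are still denied until a matching `aws_ec2_client_vpn_authorization_rule` exists for that CIDR, which is where access can be scoped to specific groups rather than to everyone.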